- Title
- Evolved similarity techniques in malware analysis
- Creator
- Black, Paul; Gondal, Iqbal; Vamplew, Peter; Lakhotia, Arun
- Date
- 2019
- Type
- Text; Conference proceedings
- Identifier
- http://researchonline.federation.edu.au/vital/access/HandleResolver/1959.17/180886
- Identifier
- vital:15804
- Identifier
- https://doi.org/10.1109/TrustCom/BigDataSE.2019.00061
- Identifier
- ISBN:978-1-7281-2777-4
- Abstract
- Malware authors are known to reuse existing code; this development process results in software evolution and a sequence of versions of a malware family containing functions that show a divergence from the initial version. This paper proposes the term evolved similarity to account for this gradual divergence of similarity across the version history of a malware family. While existing techniques are able to match functions in different versions of malware, these techniques work best when the version changes are relatively small. This paper introduces the concept of evolved similarity and presents automated Evolved Similarity Techniques (EST). EST differs from existing malware function similarity techniques by focusing on the identification of significantly modified functions in adjacent malware versions and may also be used to identify function similarity in malware samples that differ by several versions. The challenge in identifying evolved malware function pairs lies in identifying features that are relatively invariant across evolved code. The research in this paper makes use of the function call graph to establish these features and then demonstrates the use of these techniques using Zeus malware.
- Publisher
- IEEE
- Relation
- Published in: 2019 18th IEEE International Conference On Trust, Security And Privacy In Computing And Communications/13th IEEE International Conference On Big Data Science And Engineering (TrustCom/BigDataSE), 5-8th Aug, 2019, p. 404-410
- Rights
- All metadata describing materials held in, or linked to, the repository is freely available under a CC0 licence
- Rights
- Copyright IEEE
- Subject
- Binary similarity; Malware evolution; Malware similarity; Zeus